Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[#20] HTTP개선 (1.1 -> 2.0 -> 3.0) #27

Merged
merged 2 commits into from
Jan 21, 2025
Merged

[#20] HTTP개선 (1.1 -> 2.0 -> 3.0) #27

merged 2 commits into from
Jan 21, 2025

Conversation

inhachoi
Copy link
Contributor

🔗 #20

🙋‍ Summary (요약)

  • Why?: 네트워킹의 흐름을 학습하며, 현대 웹의 요구사항에 부적합한 HTTP/1.1을 2.0과 3.0의 멀티플렉싱, 헤더 압축, 서버 푸시와 같은 최신 기능을 통해 속도, 보안, 효율성을 향상시키고, 이를 수치로 직접 비교해보기 위해서.
  • HTTP/1.1 -> HTTP/2.0
  • HTTP/2.0 -> HTTP/3.0
  • 자세한 학습 및 개선 과정

😎 Description (변경사항)

nginx.conf 파일에 설정 추가.

  • before
server {
    listen 80;
    server_name boolock.site;

    location / {
        return 301 https://$host$request_uri;
    }
}

server {
    listen 443 ssl;
    
    server_name boolock.site;

    ssl_certificate /etc/nginx/ssl/fullchain.pem;
    ssl_certificate_key /etc/nginx/ssl/privkey.pem;

    location / {
        root /usr/share/nginx/html;
        try_files $uri $uri/ /index.html;
    }

    location /api/ {
        proxy_pass http://backend:3000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_cache_bypass $http_upgrade;
    }

    add_header X-Content-Type-Options nosniff;
    add_header X-Frame-Options SAMEORIGIN;
    add_header X-XSS-Protection "1; mode=block";

    gzip on;
    gzip_types text/plain text/css application/json application/javascript text/xml application;
    gzip_min_length 256;
}
  • after
server {
    listen 80;
    server_name boolock.site;

    location / {
        return 301 https://$host$request_uri;
    }
}

server {
    listen 443 ssl;
    http2 on;
    http3 on;
    quic_retry off;

    server_name boolock.site;

    ssl_certificate /etc/nginx/ssl/fullchain.pem;
    ssl_certificate_key /etc/nginx/ssl/privkey.pem;
    ssl_protocols TLSv1.3;
    ssl_prefer_server_ciphers off;

    add_header Alt-Svc 'h3-23=":443"; ma=86400';

    location / {
        root /usr/share/nginx/html;
        try_files $uri $uri/ /index.html;
    }

    location /api/ {
        proxy_pass http://backend:3000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_cache_bypass $http_upgrade;
    }

    add_header X-Content-Type-Options nosniff;
    add_header X-Frame-Options SAMEORIGIN;
    add_header X-XSS-Protection "1; mode=block";

    gzip on;
    gzip_types text/plain text/css application/json application/javascript text/xml application;
    gzip_min_length 256;
}
  • http2 on; → HTTP/2.0 프로토콜을 활성화하는 설정
  • http3 on; → HTTP/3.0 프로토콜을 활성화하는 설정
  • quic_retry off; → QUIC 연결에서 재시도를 비활성화하는 설정 (QUIC는 초기 핸드셰이크 중 연결 설정을 재시도 할 수 있어서 불필요한 재시도 시간 절약)
  • ssl_protocols TLSv1.3; → 서버에서 지원하는 SSL/TLS 프로토콜을 TLS 1.3으로 제한. (TLS 1.3이 1.1, 1.2 버전보다 보안과 성능이 좋다)
  • ssl_prefer_server_ciphers off; → 서버가 아니라 클라이언트가 원하는 암호화 방식을 우선적으로 사용하도록 설정.
  • add_header Alt-Svc 'h3-23=":443"; ma=86400'; → HTTP 헤더에 Alt-Svc를 추가하여 브라우저가 HTTP/3.0을 사용할 수 있도록 알린다. (ma=86400은 Alt-Svc 정보를 캐시에 저장하는 유효 기간으로 86400초 = 1일 이다)

기존 HTTP/1.1 모습

111

112


HTTP/2 적용 모습

222

223


HTTP/3 적용 모습

331

335

332

🔥 Trouble Shooting (해결된 문제 및 해결 과정)

처음에는 컨테이너 내부를 직접 수정하는 방식으로 진행했다. 하지만 이 방식은 컨테이너 내부의 설정 파일만 변경되므로, 컨테이너를 재배포하거나 새로 생성하면 변경 사항이 초기화되는 문제가 있어서 프로젝트 설정 파일을 수정하는 방식으로 변경했다.

🤔 Open Problem (미해결된 문제 혹은 고민사항)

@inhachoi inhachoi added the refactor 리팩토링 label Jan 20, 2025
@inhachoi inhachoi self-assigned this Jan 20, 2025
@inhachoi inhachoi requested a review from a team as a code owner January 20, 2025 13:49
@inhachoi inhachoi requested review from Honghyeonji and lee0jae330 and removed request for a team January 20, 2025 13:49
@inhachoi inhachoi linked an issue Jan 20, 2025 that may be closed by this pull request
[refactor] http 개선 적용 #20
Closed
3 tasks
lee0jae330
lee0jae330 approved these changes Jan 20, 2025
View reviewed changes
Copy link
Member

@lee0jae330 lee0jae330 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

학습 정리가 정말 잘 되어 있어서 http 2.0, 3.0로 개선한 이유를 확실하게 알 것 같습니다 ㅎㅎ 저도 네트워크 대해 얼른 공부해야겠네요 ! 고생하셨습니다.♥️

Honghyeonji
Honghyeonji approved these changes Jan 20, 2025
View reviewed changes
Copy link
Contributor

@Honghyeonji Honghyeonji left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

학습정리 너무 잘 되어있어서 계속 감탄만 했네요ㅎㅎ 수고하셨습니다❤️

apps/client/production/nginx.conf
Comment on lines +12 to +13
http2 on;
http3 on;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

이런 설정이 있었군요..?

@inhachoi inhachoi merged commit 6e45c85 into dev Jan 21, 2025
5 checks passed
@inhachoi inhachoi deleted the refactor/20 branch January 22, 2025 13:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lee0jae330 lee0jae330 lee0jae330 approved these changes

@Honghyeonji Honghyeonji Honghyeonji approved these changes

Assignees

@inhachoi inhachoi

Labels
refactor 리팩토링
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[refactor] http 개선 적용
3 participants
@inhachoi @Honghyeonji @lee0jae330