Friday, April 20, 2012

mod_spdy: revisited

‹prev | My Chain | next›

I remain undecided about how I should approach node-spdy in the updated edition of SPDY Book, so tonight I take a break. Instead I am going to kick the tires on mod_spdy. When I first got started on this current kick of writing, I looked at mod_spdy and came to the conclusion that it was not worth expending time. A year later, that is no longer the case.

First up, I grab the 64 Ubuntu package (I do not miss compiling that gclient source code):
$ wget https://dl-ssl.google.com/dl/linux/direct/mod-spdy-beta_current_amd64.deb
Then I install:
sudo dpkg -i mod-spdy-beta_current_amd64.deb 
...
Setting up mod-spdy-beta (0.9.1.5-r301) ...
Enabling module spdy.
To activate the new configuration, you need to run:
  service apache2 restart
I follow those instructions (restarting apache), then access my local SSL server at https://jaynestown.local, and...

It works. I access my old SSL site and, checking out the SPDY tab in chrome://net-internals, I actually have a legitimate SPDY session:


Wow. That was incredibly easy. When I tried this a year ago, I despaired that writing The SPDY Book might well prove impossible on the first day I researched it, thanks to mod_spdy. Now, I can install a Deb package and I am running immediately. Amazing.

Some important notes: I benefit from running Ubuntu 12.04, which comes with a version of openssl that is capable of Next Protocol Negotiation (NPN). Without that, the browser would have no way of knowing that Apache was SPDY-enabled. I spent some time last year configuring my SSL server, some of the highlights of which are:
<VirtualHost _default_:443>
        DocumentRoot /var/www
        # ...
        SSLEngine on
        # ...
        SSLCertificateFile    /etc/ssl/certs/jaynestown.crt
        SSLCertificateKeyFile /etc/ssl/private/jaynestown.key
        # ...
</VirtualHost>
I even spent a good deal of time setting myself as a CA (locally).

The bottom line is that SSL configuration is pretty easy, but not needing to install an edge version of openssl makes any pain of using a Beta Ubuntu more than worth it.

As for the mod_spdy module itself, aside from working, there is not much else to explore. Work it does, but there are relatively few configuration options. I am already eagerly waiting for SPDY server push configuration settings in a forthcoming release.

Day #362

No comments:

Post a Comment