Lighttpd

but is HTTP/3 anywhere on the radar/roadmap for Lighttpd?

HTTP/3 in lighttpd is on the radar, but not currently on the lighttpd roadmap.

For big tech and CDNs, the last decade+ has spent a huge amount of resources on improving the mobile experience over high-latency cellular. As faster WiFi blankets larger and larger areas, wifi may be preferred by mobile devices versus higher-latency cellular links. mobile browsers, mobile providers, CDNs, and VPNs have various incentives to move towards acting as concentrators and endpoints for mobile. All this diminishes the urgency and need for origin servers to directly support HTTP/3.

Since you seem interested in HTTP/3, please allow me to ask you to help us to understand why HTTP/3 should be a bigger priority for lighttpd. How are you using lighttpd that HTTP/3 is likely to make a difference for you?

I forgot to mention, All major web browsers except Safari ship HTTP/3 on by default now. It’s on in Safari Preview builds.

gstrauss wrote in RE: HTTP/3?:

[CDNs, etc.] diminishes the urgency and need for origin servers to directly support HTTP/3.

Proxy-caches/CDNs need to talk to origin servers for any uncached resources. HTTP/3 on the origin can speed up those requests.

There are still tens of millions of smaller websites running on one or a couple of servers, though. Those are the ones that would benefit the most from speeding up connection negotiation.

gstrauss wrote in RE: HTTP/3?:

Since you seem interested in HTTP/3, please allow me to ask you to help us to understand why HTTP/3 should be a bigger priority for lighttpd. How are you using lighttpd that HTTP/3 is likely to make a difference for you?

I’m currently evaluating alternatives to Apache HTTPD. (It’s clunk, the project is staling, and some of its modules are a pain in the ear.) So far, I’ve looked at Caddy, Lighttpd, and OpenLiteSpeed. Lighttpd seems to be the least painful migration. I got it up and running right away, and the documentation is much better than the competition. However, Lighttpd is the only one that hasn’t got support for HTTP/3 yet.

I’m mostly interested in HTTP/3’s improved connection setup performance. It eliminates one roundtrip compared to HTTP/2 (a 20 % improvement). That should translate to 16,6 % improvement on my page load times (5 roundtrips total to render the page instead of 6.)

Google mandates that all webpages must load instantly to rank well. I haven’t gotten anything left to optimize in the so-called “critical rendering path” except to enable HTTP/3. So, I was curious if HTTP/3 support was three months or five years away. There could have been a h3 branch somewhere that I didn’t find.

You make solid points. As a counterpoint, for smaller sites, many CDNs have an inexpensive or free tier. While using a CDN and using HTTP/3 on the origin server are not mutually exclusive, I think that using a CDN would add more reliability and geographic reach to your site (and a higher page rank) than HTTP/3 on the origin server, especially when you have only one (or a few) servers.

the documentation is much better than the competition

I am glad that you have found the documentation useful. Some of the more recently written documentation, such as lighttpd TLS, are more thorough and up-to-date than others. If you find some doc that is dated or deficient, please feel free to post here in the forums with questions for clarification.

So, I was curious if HTTP/3 support was three months or five years away.

A firm timeframe is not possible for me to provide at this moment. lighttpd will very likely support HTTP/3 before the end of 2022, and possibly sooner.

Lighttpd seems to be the least painful migration.

As an aside, if you do run into pain points, please start a thread here in the forums to share them. Thanks.

I know that this thread is over a year old so sorry for necroposting, but I have searched around and can't find any updates about the question anywhere.

Is HTTP/3 on the roadmap at this point and if so is there any idea about when it might be supported, or is it something that has been shelved for the moment to (hopefully) be revisited at a later date?

HTTP/3 is still on the roadmap but unfortunately is not ready for release and won't be for (at least) many months.

Do you have any data about the benefits of HTTP/3 compared to HTTP/2?
Besides high-latency and high packet-loss (i.e. cellular, not wifi), where is HTTP/3 much better than HTTP/2?
Here is a cloudflare blog post from 2020: https://blog.cloudflare.com/http-3-vs-http-2/

Thanks for replying.

There are a lot of benchmarks out there that, including some that are quite a bit more recent than the ones in the Cloudflare article that you shared (interesting read by the way). They are pretty widely varying in their results, with some putting HTTP/2 and HTTP/3 pretty much equal when it comes to speed in the real world and some putting HTTP/3 way ahead. In our experience the reality is somewhere between the two, it is faster in most applications but not by a particularly significant amount. It's worth noting that the speed advantage does increase as geographical distance and number of network hops from the server to the browsed increases.

But actually the biggest advantages in my opinion are improvements to security, which come from the use of UDP rather than TCP, rather than raw performance.

This article is also a couple of years old (mid 2021) but I think it gives a pretty balanced and realistic view of the performance aspects of HTTP/3 vs HTTP/2. https://www.smashingmagazine.com/2021/08/http3-performance-improvements-part2/

But actually the biggest advantages in my opinion are improvements to security, which come from the use of UDP rather than TCP

I am not sure I understand to what you are referring. There are various different attacks and countermeasures that can be made against/using TCP or using UDP.

TLSv1.3 provides security for both HTTP/2 and HTTP/3. TLS early data is not encrypted.
QUIC 0-RTT is encrypted, but response bandwidth is limited to reduce the impact of amplification attacks.

This article is also a couple of years old (mid 2021) but I think it gives a pretty balanced and realistic view of the performance aspects of HTTP/3 vs HTTP/2.

https://www.smashingmagazine.com/2021/08/http3-performance-improvements-part2/

Thank you for the link. I'll have to peruse it when I find some more time.

I previously wrote:

Besides high-latency and high packet-loss

In case I was misunderstood, I do not mean to belittle these. They can be I quite important depending on where in the world you are, and if you are in a moving vehicle.

For the moment, I remain convinced that if it is crucial to obtain specific benefits from using HTTP/3, then I believe that the first order of business is to use a CDN in front of the website. A CDN can provide regional locality as well as providing HTTP/3 access to clients. A CDN can amplify the benefits of cacheable data from the website. I hypothesize that when a CDN connects back to the origin website -- presumably through a high-quality link with high bandwidth, low latency, and low packet loss -- that the CDN will not see much difference between using HTTP/2 and HTTP/3.

Yes, HTTP/3 is still on the roadmap for lighttpd. There is no question about that.
My explanation above is an attempt to share why HTTP/3 is not currently the top development priority for lighttpd.

Thanks.

Yes, HTTP/3 is still on the roadmap for lighttpd. There is no question about that.
My explanation above is an attempt to share why HTTP/3 is not currently the top development priority for lighttpd.

That's great to hear. Of course not everything is possible all at once, time just doesn't work like that :)

I hypothesize that when a CDN connects back to the origin website -- presumably through a high-quality link with high bandwidth, low latency, and low packet loss -- that the CDN will not see much difference between using HTTP/2 and HTTP/3.

That's a fair point, and I think that if you have a good CDN network with nodes in the right geographical locations then yep, you are probably absolutely right. I don't think that a CDN is always the best thing in all use cases though.

But actually the biggest advantages in my opinion are improvements to security, which come from the use of UDP rather than TCP, rather than raw performance.

Do you have any sources to support that statement?

As this page does show up in searches for people having the same question about HTTP/3 in lighttpd, I ask those who read the above to discount and discard @John_P opinions. Even though supporting material has been requested (30 days ago as I write this) for those opinions, none has been provided to support those opinions, and so I can not lend @John_P opinions any credibility, nor should any other reader. @John_P has demonstrated "internet research" as a project manager in related posts in https://redmine.lighttpd.net/boards/4/topics/10968 . Now then, project management is an important part of project delivery and good project managers provide valuable project management to projects. That said, I would personally advise companies to avoid letting non-technical project managers make technical decisions without participation from those more technically qualified to make those specific technical decisions. (I do not know whether or not @John_P is a project manager, but I am using the questions and assumptions made in https://redmine.lighttpd.net/boards/4/topics/10968 to support my hypothesis.)