Over the weekend we made a major change to the forums. We (finally) completed a project that started in March 2014 but for one reason or another managed to put off for a long time. The big changes are that the forums are now going to start pushing users to HTTPS by default, instead of HTTP. This did take a bit of consideration but at the end of the day it is the right thing to do. Check out the forums now at httpS://forums.servethehome.com
Why HTTPS now? In general it is best practice to not use highly sensitive logins and passwords on forums. Certainly a large global bank is going to have a huge security department whereas the average forum has little if anything by way of security. In fact, with the move to XenForo earlier this year, we have slowly been pushing people towards not using a STH-specific login. Instead we have enabled Google+, Facebook and Twitter account logins with the forums just so we do not handle that information.
Another major change is that we moved to SPDY from Google. SPDY is a technology implemented in web servers and browsers that is meant to speed up content delivery from websites. You can read the SPDY whitepaper here. Here are some key features:
[tabgroup][tab title=”SPDY Basic Features”]
- Multiplexed streams
SPDY allows for unlimited concurrent streams over a single TCP connection. Because requests are interleaved on a single channel, the efficiency of TCP is much higher: fewer network connections need to be made, and fewer, but more densely packed, packets are issued.
- Request prioritization
Although unlimited parallel streams solve the serialization problem, they introduce another one: if bandwidth on the channel is constrained, the client may block requests for fear of clogging the channel. To overcome this problem, SPDY implements request priorities: the client can request as many items as it wants from the server, and assign a priority to each request. This prevents the network channel from being congested with non-critical resources when a high priority request is pending.
- HTTP header compression
SPDY compresses request and response HTTP headers, resulting in fewer packets and fewer bytes transmitted.
SPDY requires SSL so this change made sense to do at the same time. For those wondering, SPDY is still not overly widespread in usage, but major web properties like Google, Facebook and Twitter have implemented it.
Another key implication of this change is that our OpenSSL benchmarks we run in Linux-Bench are going to become more important. There is a latency and processing overhead for SSL connections so this is not a “free” change over the weekend.
Next up – we are still working on the pain that is Varnish + NGINX + WordPress + SSL. So far testing has provided quite a few issues with the setup. The only thing making it relatively easier is that there are not too many users logging into WordPress directly at this point.
Head over to the forums here to check out the new changes.