nginx · Server

ERR_SPDY_PROTOCOL_ERROR nginx error on Chrome


There is a nefarious error on nginx that in rare cases can throw an ERR_SPDY_PROTOCOL_ERROR for the users of Chrome.

TLDR: Check your nginx add_headers directives for invalid characters within any HTTP2 server configurations.

I call this out as attempting to troubleshoot it online can lead you down a rabbit hole of old and misinformation. More so now that the SPDY protocol is neither supported on the Chrome browser and nginx servers.

Take the following nginx configuration.

server {
    listen 80;
    server_name www.example.site example.site;
    location / {
        add_header Strict-Transport-Security: "max-age=31536000; includeSubDomains";
        root /var/www/example.site/;
    }
}
server {
    listen 443 ssl http2;
    server_name www.example.site example.site;
    location / {
        add_header Strict-Transport-Security: "max-age=31536000; includeSubDomains";
        root /var/www/example.site/;
    }
}

It will work correctly in

  • Firefox in both HTTP and HTTPS.
  • Chrome in HTTP.
  • But will fail over HTTPS.

The problem is there are technically malformed headers in this nginx configuration, and the error only occurs in Chrome over the HTTP2 protocol.

The Strict-Transport-Security headers are copied and modified from an example on MDN, and it is invalid when included in the nginx add_header directive because of the appended colon to the header type.

Strict-Transport-Security: max-age=31536000; includeSubDomains

MDN HSTS Example

To fix the error remove the offending punctuation colon after Strict-Transport-Security.

server {
    listen 443 ssl http2;
    server_name www.example.site example.site;
    location / {
        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
        root /var/www/example.site/;
    }
}

Reload nginx.

nginx -s reload

And the ERR_SPDY_PROTOCOL_ERROR in Chrome will go away!

Advertisements

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s