nginx

Fix ERR_SPDY_PROTOCOL_ERROR
an nginx error on Chrome

Reading time of 243 words
1 minute
Reading time of 243 words ~ 1 minute


If you find this content useful, consider buying me a coffee
Or help me out by engaging with any advertisers that you find interesting

There is a nefarious error on nginx that in rare cases can throw an ERR_SPDY_PROTOCOL_ERROR for the users of Chrome.

TLDR: Check your nginx add_headers directives for invalid characters within any HTTP2 server configurations.

I call this out as attempting to troubleshoot it online can lead you down a rabbit hole of old and misinformation. More so now that the SPDY protocol is neither supported on the Chrome browser and nginx servers.

Take the following nginx configuration.

server {
    listen 80;
    server_name www.example.site example.site;
    location / {
        add_header Strict-Transport-Security: "max-age=31536000; includeSubDomains";
        root /var/www/example.site/;
    }
}
server {
    listen 443 ssl http2;
    server_name www.example.site example.site;
    location / {
        add_header Strict-Transport-Security: "max-age=31536000; includeSubDomains";
        root /var/www/example.site/;
    }
}

It will work correctly in Firefox in both with HTTP, HTTPS and Chrome over HTTP.

But it will fail in Chrome over HTTPS.

The problem is there are technically malformed headers in this nginx configuration, and the error only occurs in Chrome over the HTTP2 protocol.

The Strict-Transport-Security headers are copied and modified from an example on MDN, and it is invalid when included in the nginx add_header directive because of the appended colon to the header type.

Strict-Transport-Security: max-age=31536000; includeSubDomains

MDN HSTS Example

To fix the error remove the offending punctuation colon after Strict-Transport-Security.

server {
    listen 443 ssl http2;
    server_name www.example.site example.site;
    location / {
        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
        root /var/www/example.site/;
    }
}

Reload nginx.

nginx -s reload

And the ERR_SPDY_PROTOCOL_ERROR in Chrome will go away!

Written by Ben Garrett

If you find this content useful, consider buying me a coffee
Or help me out by engaging with any advertisers that you find interesting