AWS ELB/ALB http/2 pass thru to EC2 instance via http/2 (not http/1.1)

Asked 27/10, 2018 at 1:35 Answered 2/12, 2022 at 7:47

AWS ELB/ALB now supports HTTP/2.

According to the documentation (https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-listeners.html):

Application Load Balancers provide native support for HTTP/2 with HTTPS listeners. You can send up to 128 requests in parallel using one HTTP/2 connection. The load balancer converts these to individual HTTP/1.1 requests and distributes them across the healthy targets in the target group.

My target is an EC2 instance running Apache with HTTP/2 support. Is it possible to have the ALB connect to the target (EC2 instance) via HTTP/2 and avoid having ALB <--> ec2 connections be via HTTP/1.1?

I did not see any way to do this in the console or documentation.

Galyak answered 27/10, 2018 at 1:35 Comment(1)

I’m pretty sure you can connect ALB’s to instance groups. You configure the groups in the last step of creating the ALB – Prevaricate 27/10, 2018 at 1:38

~~No, this isn't possible.~~

ALB always converts the requests to HTTP/1.1 and this is not a configurable option.

When this question was originally asked, this was not possible.

This has changed. Application Load Balancers now support back-to-back HTTP/2 (and gRPC).

https://aws.amazon.com/blogs/aws/new-application-load-balancer-support-for-end-to-end-http-2-and-grpc/

Mailbox answered 27/10, 2018 at 17:5 Comment(6)

I'm hopeful that this will soon change, as HTTP/2 gets more usage and becomes more widespread, ALBs will allow HTTP/2 to be used through the entire connection. – Galyak 28/10, 2018 at 22:48

The advantage of this design is that the parallel requests from a single viewer can be spread out among back-end instances. You can run your setup with a Network Load Balancer (NLB) if you really want to run your own http/2, but you then lose access to Amazon Certificate Manager certificates, which aren't usable with NLB, and in fact your instances will have to do all the TLS processing themselves, because NLB doesn't do TLS offload. – Mailbox 28/10, 2018 at 23:6

Does this still holds ? I have enabled http2 on ALB but when I do but when I do curl -i domain or curl -i domain --http2 it gives me http1.1. is this expected behavior? – Anomaly 27/2, 2020 at 20:9

Looks like it may be possible now. See docs.aws.amazon.com/elasticloadbalancing/latest/application/… – Superior 12/2, 2021 at 2:4

It seems not very practical; a HTTP/1.1 client received a 464 HTTP status and no results when the target group is configured as http2. – Chokeberry 16/3, 2022 at 21:29

This answer should be updated since it's now possible. See answer by @Sateesh. – Labret 1/2, 2023 at 18:28

Yes, it is possible, configure the target group to use http2 in the basic config section as shown below.

Self answered 2/12, 2022 at 7:47 Comment(2)

My experience is that although this option is available, it doesn't actually work. I've had no success at all with using HTTP/2 to the target instances. I think the problem might be just the way ALB is doing target healthchecks. – Bearish 17/3, 2023 at 4:0

Same as @Bearish told - I have http2 enabled on my EC2 nginx, but health-checks never get Healthy if I create a TargetGroup with HTTP2. This is nginx log of that config: int.ip.1 - - [18/Sep/2023:07:18:13 +0000] "PRI * HTTP/2.0" 400 157 "-" "-" "-" int.ip.2 - - [18/Sep/2023:07:18:14 +0000] "PRI * HTTP/2.0" 400 157 "-" "-" "-" int.ip.3 - - [18/Sep/2023:07:18:39 +0000] "GET /HTTP/1.1" 200 25 "-" "ELB-HealthChecker/2.0" "-" int.ip.3 - - [18/Sep/2023:07:18:49 +0000] "GET / HTTP/1.1" 200 25 "-" "ELB-HealthChecker/2.0" "-" Ended up using HTTP1.1 – Indetermination 18/9, 2023 at 12:32

Recommended topics

Hot tags