Reverse proxying HTTP/2 from h2 to h2c

We have a Java web server which is able to serve content over h2c (HTTP/2 clear text).

We would like to reverse proxy connections established using h2 (i.e. standard HTTP/2 over SSL) to the java server in h2c.

Enabling HTTP/2 on nginx is simple enough and handling incoming h2 connections works fine.

How do we tell nginx to proxy the connection using h2c rather than http/1.1?

Note: a non-nginx solution may be acceptable.

server {
    listen       443 ssl http2 default_server;
    server_name  localhost;

    ssl_certificate      /opt/nginx/certificates/???.pem;
    ssl_certificate_key  /opt/nginx/certificates/???.pk8.key.pem;

    ssl_session_cache    shared:SSL:1m;
    ssl_session_timeout  5m;

    ssl_ciphers  HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers  on;

    location / {
        proxy_pass http://localhost:8080/;  ## <---- h2c here rather than http/1.1
    }
}

CONCLUSION (June 2016)

This can be done with haproxy using a configuration file as simple as the one below.

Querying (HttpServletRequest) req.getProtocol() clearly returns HTTP/2.0

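global
    # 1024-bit DH parameters are below the 2048-bit minimum commonly recommended today
    tune.ssl.default-dh-param 1024

defaults
    timeout connect 10000ms
    timeout client 60000ms
    timeout server 60000ms

frontend fe_http
    mode http
    bind *:80
    # Redirect to https
    redirect scheme https code 301

frontend fe_https
    # TCP mode: TLS is terminated here and the decrypted bytes are relayed unchanged
    mode tcp
    # ALPN offers h2 first, then http/1.1
    bind *:443 ssl no-sslv3 crt mydomain.pem ciphers TLSv1.2 alpn h2,http/1.1
    default_backend be_http

backend be_http
    mode tcp
    # Cleartext hop to the h2c-capable server on loopback
    server domain 127.0.0.1:8080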
Meaghan answered 15/6, 2016 at 12:27 Comment(3)
I guess nginx does not support that. nginx.org/r/proxy_http_version - Kruse
@AlexeyTen hope it does soon.. Went with haproxy in the meantime - Meaghan
I would query the value in this. HTTP/2's primary benefit is for high latency client-server connections and less so for, presumably, low latency server-server connections. HTTP/2 will be the future for the majority of connections (including server to server ones eventually) but the lack of support at present is telling as to how new this is and therefore whether it's wise to move to that just yet based on limited upsides. Just my opinion - and I am a massive fan of HTTP/2 for clients btw so not trying to underplay the benefits there. - Stalinist

HAProxy does support that.

HAProxy can offload TLS and forward to a backend that speaks h2c.

Details on how to set up this configuration are available in this blog post.

Nonego answered 15/6, 2016 at 13:0 Comment(4)
Thanks. Trying now. I will report back results - Meaghan
@BrunoGrieder, out of curiosity, what is the backend server that speaks h2c ? - Nonego
We use Jetty embedded 9.3.9 - Meaghan
@Nonego can you please include an example of the HAproxy config where h2c requests are being sent to the backend using the http mode. I have run into the following issue while trying this using proto h2: discourse.haproxy.org/t/… - Lexielexigraphy
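
With the TCP-mode HAProxy setup above, the ALPN result is not passed to the backend, so a cleartext server on 127.0.0.1:8080 can only tell h2c from HTTP/1.1 (or from TLS that was never terminated) by looking at the first bytes it receives. The sketch below is an added example, not code from the original posts or from Jetty or HAProxy; it also covers the HTTP/1.1 `Upgrade: h2c` case, which goes beyond the configuration shown. The function name `classify` and the sample byte strings are constructed for illustration.

```python
"""Classify the first bytes a cleartext backend receives behind a TLS-offloading TCP proxy."""

# RFC 7540 section 3.5: an HTTP/2 connection begins with this 24-octet client preface.
H2_PREFACE = b"PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n"
HTTP1_METHODS = (b"GET", b"HEAD", b"POST", b"PUT", b"DELETE",
                 b"OPTIONS", b"PATCH", b"TRACE", b"CONNECT")
MAX_HEADER_BYTES = 8192  # assumption: refuse to buffer more than this before deciding


def classify(buf: bytes) -> str:
    """Return 'h2c', 'h1-upgrade-h2c', 'http/1.x', 'tls', 'need-more' or 'unknown'."""
    if not buf:
        return "need-more"
    # A TLS handshake record (type 0x16, major version 0x03) on the cleartext
    # port means this connection bypassed TLS termination at the proxy.
    if buf[0] == 0x16:
        if len(buf) < 2:
            return "need-more"
        return "tls" if buf[1] == 0x03 else "unknown"
    # Prior-knowledge h2c: compare as many preface octets as have arrived so far.
    n = min(len(buf), len(H2_PREFACE))
    if buf[:n] == H2_PREFACE[:n]:
        return "h2c" if n == len(H2_PREFACE) else "need-more"
    # Otherwise expect an HTTP/1.x request and wait for the complete header block.
    head, sep, _ = buf.partition(b"\r\n\r\n")
    if not sep:
        return "need-more" if len(buf) < MAX_HEADER_BYTES else "unknown"
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ")
    if len(parts) != 3 or parts[0] not in HTTP1_METHODS or not parts[2].startswith(b"HTTP/1."):
        return "unknown"
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip().lower()
    tokens = [t.strip() for t in headers.get(b"upgrade", b"").split(b",")]
    return "h1-upgrade-h2c" if b"h2c" in tokens else "http/1.x"


if __name__ == "__main__":
    # Constructed sample inputs (not captured traffic).
    samples = [H2_PREFACE + b"\x00\x00\x00\x04\x00\x00\x00\x00\x00",
               b"GET / HTTP/1.1\r\nHost: localhost\r\n\r\n",
               b"\x16\x03\x01\x02\x00\x01"]
    for s in samples:
        print(classify(s), s[:16])
```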
