server: enable H2C for HTTP listeners via CLI flag #2739

Merged
merged 2 commits into from Oct 1, 2020

Commits on Oct 1, 2020

  1. server: enable H2C for HTTP listeners via CLI flag

    This follows the docs provided by the [github issue][1],
    https://www.mailgun.com/blog/http-2-cleartext-h2c-client-example-go/
    
    For manual testing, ensure that you have a curl version with the proper
    "Features", as can be read off `curl --version`:
    
        curl 7.72.0 (x86_64-apple-darwin19.5.0) libcurl/7.72.0 OpenSSL/1.1.1g zlib/1.2.11 brotli/1.0.9 zstd/1.4.5 c-ares/1.16.1 libssh2/1.9.0 nghttp2/1.41.0 librtmp/2.3
        Release-Date: 2020-08-19
        Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp scp sftp smb smbs smtp smtps telnet tftp
        Features: AsynchDNS brotli GSS-API HTTP2 HTTPS-proxy IPv6 Kerberos Largefile libz Metalink NTLM NTLM_WB SPNEGO SSL TLS-SRP UnixSockets zstd
    
    As described in the mailgun blog post, curl-openssl on homebrew has it for osx.
    
    With this change, and started with
    
        ./opa_darwin_amd64 run -s --h2c --diagnostic-addr :8182
    
    Both the ALPN and the "prior knowledge" modes work against the insecure endpoints:
    
        $ curl -v --http2 http://127.0.0.1:8181/metrics >/dev/null
        *   Trying 127.0.0.1:8181...
        > GET /metrics HTTP/1.1
        > Host: 127.0.0.1:8181
        > User-Agent: curl/7.72.0
        > Accept: */*
        > Connection: Upgrade, HTTP2-Settings
        > Upgrade: h2c
        > HTTP2-Settings: AAMAAABkAAQCAAAAAAIAAAAA
        >
        * Mark bundle as not supporting multiuse
        < HTTP/1.1 101 Switching Protocols
        < Connection: Upgrade
        < Upgrade: h2c
        * Received 101
        * Using HTTP2, server supports multi-use
        * Connection state changed (HTTP/2 confirmed)
        * Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
        * Connection state changed (MAX_CONCURRENT_STREAMS == 250)!
        < HTTP/2 200
        < content-type: text/plain; version=0.0.4; charset=utf-8
        < date: Wed, 30 Sep 2020 12:15:08 GMT
        <
        { [4096 bytes data]
        * Connection #0 to host 127.0.0.1 left intact
        $ curl -v --http2-prior-knowledge http://127.0.0.1:8181/metrics >/dev/null
        *   Trying 127.0.0.1:8181...
        * Using HTTP2, server supports multi-use
        * Connection state changed (HTTP/2 confirmed)
        * Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
        * Using Stream ID: 1 (easy handle 0x7f85c3814c00)
        > GET /metrics HTTP/2
        > Host: 127.0.0.1:8181
        > user-agent: curl/7.72.0
        > accept: */*
        >
        * Connection state changed (MAX_CONCURRENT_STREAMS == 250)!
        < HTTP/2 200
        < content-type: text/plain; version=0.0.4; charset=utf-8
        < date: Wed, 30 Sep 2020 12:15:13 GMT
        <
        { [4096 bytes data]
        * Connection #0 to host 127.0.0.1 left intact
    
    [1]: open-policy-agent#2399
    
    Signed-off-by: Stephan Renatus <srenatus@chef.io>
    srenatus committed Oct 1, 2020
  2. server: enable H2C for HTTP listeners via CLI flag [revendor]

    Signed-off-by: Stephan Renatus <srenatus@chef.io>
    srenatus committed Oct 1, 2020
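The two request modes shown in the first commit's curl transcripts can be told apart from the first bytes a client sends on the cleartext listener. The Go program below is an added example, not code from this pull request or from OPA: it classifies those bytes and decodes the `HTTP2-Settings` value curl sent. The function names and the embedded request are assumptions, constructed from the transcript.

```go
package main

import (
	"bufio"
	"encoding/base64"
	"encoding/binary"
	"fmt"
	"net/http"
	"strings"
)

// Constructed sample: the Upgrade request curl sends in the first transcript.
const sampleUpgrade = "GET /metrics HTTP/1.1\r\nHost: 127.0.0.1:8181\r\n" +
	"Connection: Upgrade, HTTP2-Settings\r\nUpgrade: h2c\r\n" +
	"HTTP2-Settings: AAMAAABkAAQCAAAAAAIAAAAA\r\n\r\n"
const preface = "PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n" // prior-knowledge client preface

// DecodeSettings parses an HTTP2-Settings value: unpadded base64url of 16-bit ID / 32-bit value pairs.
func DecodeSettings(v string) (map[uint16]uint32, error) {
	raw, err := base64.RawURLEncoding.DecodeString(v)
	if err != nil || len(raw)%6 != 0 {
		return nil, fmt.Errorf("malformed HTTP2-Settings (%d bytes): %v", len(raw), err)
	}
	out := map[uint16]uint32{}
	for i := 0; i < len(raw); i += 6 {
		out[binary.BigEndian.Uint16(raw[i:])] = binary.BigEndian.Uint32(raw[i+2:])
	}
	return out, nil
}

// Classify names the mode: "prior-knowledge", "upgrade" (with decoded settings) or "http/1.1".
func Classify(first string) (string, map[uint16]uint32, error) {
	if strings.HasPrefix(first, preface) {
		return "prior-knowledge", nil, nil
	}
	req, err := http.ReadRequest(bufio.NewReader(strings.NewReader(first)))
	if err != nil {
		return "", nil, err
	}
	conn := strings.ToLower(strings.Join(req.Header.Values("Connection"), ","))
	hs := req.Header.Values("HTTP2-Settings") // exactly one such header is required
	if !strings.EqualFold(req.Header.Get("Upgrade"), "h2c") || len(hs) != 1 ||
		!strings.Contains(conn, "upgrade") || !strings.Contains(conn, "http2-settings") {
		return "http/1.1", nil, nil
	}
	s, err := DecodeSettings(hs[0])
	return "upgrade", s, err
}

func main() { fmt.Println(Classify(sampleUpgrade)) }
```

For the value in the transcript, the decoded identifiers are those of RFC 7540: 3 (MAX_CONCURRENT_STREAMS) = 100, 4 (INITIAL_WINDOW_SIZE) = 33554432 and 2 (ENABLE_PUSH) = 0.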