我们有一个能够通过h2c(HTTP / 2明文)提供内容的java web服务器
We have a java web server which is able to serve content over h2c (HTTP/2 clear text)
我们想要反转使用h2建立的代理连接(即,通过SSL的标准HTTP / 2)到h2c中的java服务器。
We would like to reverse proxy connections established using h2 (i.e. standard HTTP/2 over SSL) to the java server in h2c.
在nginx上启用HTTP / 2非常简单,处理传入的h2连接工作正常。
Enabling HTTP/2 on nginx is simple enough and handling incoming h2 connections works fine.
我们如何告诉nginx使用h2c代替连接而不是http / 1.1?
How do we tell nginx to proxy the connection using h2c rather than http/1.1 ?
注意:非nginx解决方案可能是可接受的
Note: a non-nginx solution may be acceptable
server { listen 443 ssl http2 default_server; server_name localhost; ssl_certificate /opt/nginx/certificates/???.pem; ssl_certificate_key /opt/nginx/certificates/???.pk8.key.pem; ssl_session_cache shared:SSL:1m; ssl_session_timeout 5m; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; location / { proxy_pass localhost:8080/; ## <---- h2c here rather than http/1.1 } }结论(2016年6月)
这可以使用haproxy使用配置文件来完成,如下所示。
This can be done with haproxy using a configuration file as simple as the one below.
查询(HttpServletRequest) req.getProtocol()明确返回 HTTP / 2.0
global tune.ssl.default-dh-param 1024 defaults timeout connect 10000ms timeout client 60000ms timeout server 60000ms frontend fe_http mode http bind *:80 # Redirect to https redirect scheme https code 301 frontend fe_https mode tcp bind *:443 ssl no-sslv3 crt mydomain.pem ciphers TLSv1.2 alpn h2,http/1.1 default_backend be_http backend be_http mode tcp server domain 127.0.0.1:8080推荐答案
HAProxy 确实支持。
HAProxy可以卸载TLS并转发到后端,说出 h2c 。
HAProxy can offload TLS and forward to a backend that speaks h2c.
有关如何设置此配置的详细信息,请参阅此博文。
Details on how to setup this configuration are available in this blog post.
更多推荐
将HTTP / 2从h2反向代理到h2c
发布评论