HTTP / 2 reverse proxy from h2 to h2c

Question

HTTP / 2 reverse proxy from h2 to h2c

We have a java web server that can serve content via h2c (pure HTTP / 2 text)

We would like to cancel the proxy connections established using h2 (i.e. standard HTTP / 2 over SSL) to the java server in h2c.

Enabling HTTP / 2 on nginx is quite simple, and handling incoming h2 connections works fine.

How do we tell nginx to proxy a connection using h2c rather than http / 1.1?

Note: a solution other than nginx may be acceptable

server { listen 443 ssl http2 default_server; server_name localhost; ssl_certificate /opt/nginx/certificates/???.pem; ssl_certificate_key /opt/nginx/certificates/???.pk8.key.pem; ssl_session_cache shared:SSL:1m; ssl_session_timeout 5m; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; location / { proxy_pass http://localhost:8080/; ## <---- h2c here rather than http/1.1 } }

CONCLUSION (June 2016)

This can be done using haproxy, using the configuration file is as simple as the one below.

The request (HttpServletRequest) req.getProtocol() explicitly returns HTTP/2.0

 global tune.ssl.default-dh-param 1024 defaults timeout connect 10000ms timeout client 60000ms timeout server 60000ms frontend fe_http mode http bind *:80 # Redirect to https redirect scheme https code 301 frontend fe_https mode tcp bind *:443 ssl no-sslv3 crt mydomain.pem ciphers TLSv1.2 alpn h2,http/1.1 default_backend be_http backend be_http mode tcp server domain 127.0.0.1:8080

+5

java reverse-proxy nginx http2 haproxy

Bruno grieder Jun 15 '16 at 12:27

source share

1 answer

sbordet · Accepted Answer · 2016-06-15T13:00:32+0000

HAProxy supports this.

HAProxy can unload TLS and switch to the backend that says h2c .

Details on how to configure this configuration are available in this blog post .

HTTP / 2 reverse proxy from h2 to h2c

More articles: