-
Notifications
You must be signed in to change notification settings - Fork 270
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
HTTP2 without TLS #342
Comments
HTTP/2 technically can work without encryption but all browsers only support HTTP/2 with TLS (see wikipedia). So it may be the case that the HTTP2 support in Daphne is limited to TLS connections too. |
What's the twisted story here, I want to ask? That would be the starting point. |
Yup, I'm quite aware of this. This is not my case though; I have daphne behind a load balancer. Using a LB or another proxy that does the TLS termination is not unusual. |
I totally agree with that. Same setup here. Our ingress is basically terminating the ssl connection. As far as I can see nginx (based ingress) is able to forward http2 messages without requiring tls on the other end. |
Interested in this too. We have a load balancer that handles the ssl connection also, and all the communication between the load balancer and our worker instances happens in a private network. Would love to not have to configure tls, certificates, etc. for the workers. |
Anyone had a look at Twisted for this yet? (If it's supported there, very likely we can do it here...) |
@carltongibson It seems that this can be implemented by simply using a different Twisted endpoint class. Instead of using |
So we call
So, perhaps the right incantation there would already work? 🤔 |
Yes, it's a common pattern. My expertise is far too limited to make a really coherent contribution here, but just as a little extra context and possibly a useful check, the Cloud Run docs highlight this, noting that: "Your Cloud Run service must handle requests in HTTP/2 cleartext (h2c) format, because TLS is still terminated automatically by Cloud Run. To confirm that your service supports h2c requests, test the service locally using this cURL command:
|
I did some testing on my own and don't believe using I installed When I run
And the following is in the daphne logs (Note the
I also can't seem to get twisted to work with http2 without tls using the Web Server example on https://twisted.org/ -
I am able to get http2 without tls working if I follow this - https://stackoverflow.com/a/64433012 but that calls the As far as using http2 behind a load balancer/proxy NGINX doesn't support this and gives an explanation as to why they think it wouldn't make much sense - https://trac.nginx.org/nginx/ticket/923 |
This would be a really nice feature for Google Cloud Run; we tried switching to hypercorn, but the startup time increased by 400%. 😅 |
This SO thread seems to imply you can get twisted to serve HTTP2 without TLS (see the "Update" in the answer). https://stackoverflow.com/questions/64378351/twisted-webserver-with-plain-http2-h2c Can anyone get that working with Daphne? Please post here if so. |
The README explains how to set up HTTP2 with TLS, but there's no indication of how to set it up without TLS.
Just for context: my interest in doing this is because my load balancer already does the TLS termination. There's little sense in me setting up a pipeline to provision certificates to my django instances -- and the overhead of TLS between the load balancer and Django doesn't really make sense.
I've installed the optional dependencies:
pip install -U 'Twisted[tls,http2]'
And
daphne
indicates it supports HTTP2:However, it does not seem to actually operate on HTTP2, even using things like:
Am I testing this wrong, or would additional changes be required for daphne to support this?
The text was updated successfully, but these errors were encountered: