Setting up HTTP/2 with no SSL connector ?

[Laurent Perez <l....@gmail.com>]

Hi

I managed to run the servlets/serverpush/simpleimage HTTP/2 push example
from Tomcat 9 trunk with the SSL Http11AprProtocol connnector and
<UpgradeProtocol
className="org.apache.coyote.http2.Http2Protocol"/>.

Now I would like to enable HTTP/2 but without SSL : my certificates are
either hosted under my load balancer or Apache itself, and I do not require
SSL between mod_proxy and Tomcat.

But org.apache.coyote.AbstractProcessor#isPushSupported then returns false,
as if the UpgradeProtocol did not fire.

Is it possible to enable HTTP/2 with no SSL connector ?

Thanks
laurent




-- 
http://cv.laurentperez.fr
J2EE, HTML5, JS, CSS3

Re: Setting up HTTP/2 with no SSL connector ?

[Olaf Kock <to...@olafkock.de>]

Am 30.03.2017 um 21:53 schrieb Laurent Perez:
> Client is Chrome 56. Where could I check in tomcat source to see if the
> client is sending the h2c upgrade token ?
>>> I managed to run the servlets/serverpush/simpleimage HTTP/2 push example
>>> from Tomcat 9 trunk with the SSL Http11AprProtocol connnector and
>>> <UpgradeProtocol
>>> className="org.apache.coyote.http2.Http2Protocol"/>.
>>>
>>> Now I would like to enable HTTP/2 but without SSL : my certificates are
>>> either hosted under my load balancer or Apache itself, and I do not
>>> require SSL between mod_proxy and Tomcat.
I'm not sure if this is still about the same topic: You mentioned first
that it's about unencrypted traffic between httpd and tomcat, now
Chrome56 comes into the game. According to
https://en.wikipedia.org/wiki/HTTP/2#Encryption, Chrome won't initiate
any unencrypted HTTP/2 connection and I'm not sure if this is what
you're testing/bypassing Apache with in order to just test the connector.

Olaf

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: Setting up HTTP/2 with no SSL connector ?

[Laurent Perez <l....@gmail.com>]

Yes I was under the false impression that Chrome did support h2c ; it does
not, as you pointed.
HTTP/2 works fine now.

Thanks

On Thu, Mar 30, 2017 at 10:46 PM, Mark Thomas <ma...@apache.org> wrote:

> On 30 March 2017 20:53:06 BST, Laurent Perez <l....@gmail.com>
> wrote:
> >Thank you Mark.
> >
> >h2c is enabled : 30-Mar-2017 21:30:33.373 INFOS [main]
> >org.apache.coyote.http11.AbstractHttp11Protocol.configureUpgradeProtocol
> >The ["http-nio-8080"] connector has been configured to support HTTP
> >upgrade
> >to [h2c]
> >
> >However org.apache.catalina.connector.Request#newPushBuilder returns
> >null.
> >Processor is a Http11Processor and it does not override the return
> >false
> >of org.apache.coyote.AbstractProcessor#isPushSupported. It's as if the
> >upgrade did not plug in.
> >
> >Using the apr+ssl connector, same client works fine (i.e pushBuilder is
> >not
> >null).
> >
> >Client is Chrome 56. Where could I check in tomcat source to see if the
> >client is sending the h2c upgrade token ?
>
> I'm fairly sure most browsers including chrome do not support h2c.
>
> Chrome developer tools should show you the network traffic.
>
> Mark
>
>
> >
> >laurent
> >
> >
> >
> >On Thu, Mar 30, 2017 at 9:07 PM, Mark Thomas <ma...@apache.org> wrote:
> >>
> >> On 30/03/17 18:02, Laurent Perez wrote:
> >> > Hi
> >> >
> >> > I managed to run the servlets/serverpush/simpleimage HTTP/2 push
> >example
> >> > from Tomcat 9 trunk with the SSL Http11AprProtocol connnector and
> >> > <UpgradeProtocol
> >> > className="org.apache.coyote.http2.Http2Protocol"/>.
> >> >
> >> > Now I would like to enable HTTP/2 but without SSL : my certificates
> >are
> >> > either hosted under my load balancer or Apache itself, and I do not
> >require
> >> > SSL between mod_proxy and Tomcat.
> >> >
> >> > But org.apache.coyote.AbstractProcessor#isPushSupported then
> >returns
> >false,
> >> > as if the UpgradeProtocol did not fire.
> >> >
> >> > Is it possible to enable HTTP/2 with no SSL connector ?
> >>
> >> Yes. You need to add the <UpgradeProtocol ... /> block to an HTTP
> >> connector. You should see in the start-up log that h2c is enabled via
> >> HTTP Upgrade.
> >>
> >> Mark
> >>
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> >> For additional commands, e-mail: users-help@tomcat.apache.org
> >>
> >
> >
> >
> >--
> >http://cv.laurentperez.fr
> >J2EE, HTML5, JS, CSS3
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>


-- 
http://cv.laurentperez.fr
J2EE, HTML5, JS, CSS3

Re: Setting up HTTP/2 with no SSL connector ?

[Mark Thomas <ma...@apache.org>]

On 30 March 2017 20:53:06 BST, Laurent Perez <l....@gmail.com> wrote:
>Thank you Mark.
>
>h2c is enabled : 30-Mar-2017 21:30:33.373 INFOS [main]
>org.apache.coyote.http11.AbstractHttp11Protocol.configureUpgradeProtocol
>The ["http-nio-8080"] connector has been configured to support HTTP
>upgrade
>to [h2c]
>
>However org.apache.catalina.connector.Request#newPushBuilder returns
>null.
>Processor is a Http11Processor and it does not override the return
>false
>of org.apache.coyote.AbstractProcessor#isPushSupported. It's as if the
>upgrade did not plug in.
>
>Using the apr+ssl connector, same client works fine (i.e pushBuilder is
>not
>null).
>
>Client is Chrome 56. Where could I check in tomcat source to see if the
>client is sending the h2c upgrade token ?

I'm fairly sure most browsers including chrome do not support h2c.

Chrome developer tools should show you the network traffic.

Mark


>
>laurent
>
>
>
>On Thu, Mar 30, 2017 at 9:07 PM, Mark Thomas <ma...@apache.org> wrote:
>>
>> On 30/03/17 18:02, Laurent Perez wrote:
>> > Hi
>> >
>> > I managed to run the servlets/serverpush/simpleimage HTTP/2 push
>example
>> > from Tomcat 9 trunk with the SSL Http11AprProtocol connnector and
>> > <UpgradeProtocol
>> > className="org.apache.coyote.http2.Http2Protocol"/>.
>> >
>> > Now I would like to enable HTTP/2 but without SSL : my certificates
>are
>> > either hosted under my load balancer or Apache itself, and I do not
>require
>> > SSL between mod_proxy and Tomcat.
>> >
>> > But org.apache.coyote.AbstractProcessor#isPushSupported then
>returns
>false,
>> > as if the UpgradeProtocol did not fire.
>> >
>> > Is it possible to enable HTTP/2 with no SSL connector ?
>>
>> Yes. You need to add the <UpgradeProtocol ... /> block to an HTTP
>> connector. You should see in the start-up log that h2c is enabled via
>> HTTP Upgrade.
>>
>> Mark
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>
>
>
>--
>http://cv.laurentperez.fr
>J2EE, HTML5, JS, CSS3


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: Setting up HTTP/2 with no SSL connector ?

[Laurent Perez <l....@gmail.com>]

Thank you Mark.

h2c is enabled : 30-Mar-2017 21:30:33.373 INFOS [main]
org.apache.coyote.http11.AbstractHttp11Protocol.configureUpgradeProtocol
The ["http-nio-8080"] connector has been configured to support HTTP upgrade
to [h2c]

However org.apache.catalina.connector.Request#newPushBuilder returns null.
Processor is a Http11Processor and it does not override the return false
of org.apache.coyote.AbstractProcessor#isPushSupported. It's as if the
upgrade did not plug in.

Using the apr+ssl connector, same client works fine (i.e pushBuilder is not
null).

Client is Chrome 56. Where could I check in tomcat source to see if the
client is sending the h2c upgrade token ?

laurent



On Thu, Mar 30, 2017 at 9:07 PM, Mark Thomas <ma...@apache.org> wrote:
>
> On 30/03/17 18:02, Laurent Perez wrote:
> > Hi
> >
> > I managed to run the servlets/serverpush/simpleimage HTTP/2 push example
> > from Tomcat 9 trunk with the SSL Http11AprProtocol connnector and
> > <UpgradeProtocol
> > className="org.apache.coyote.http2.Http2Protocol"/>.
> >
> > Now I would like to enable HTTP/2 but without SSL : my certificates are
> > either hosted under my load balancer or Apache itself, and I do not
require
> > SSL between mod_proxy and Tomcat.
> >
> > But org.apache.coyote.AbstractProcessor#isPushSupported then returns
false,
> > as if the UpgradeProtocol did not fire.
> >
> > Is it possible to enable HTTP/2 with no SSL connector ?
>
> Yes. You need to add the <UpgradeProtocol ... /> block to an HTTP
> connector. You should see in the start-up log that h2c is enabled via
> HTTP Upgrade.
>
> Mark
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>



--
http://cv.laurentperez.fr
J2EE, HTML5, JS, CSS3

Re: Setting up HTTP/2 with no SSL connector ?

[Mark Thomas <ma...@apache.org>]

On 30/03/17 18:02, Laurent Perez wrote:
> Hi
> 
> I managed to run the servlets/serverpush/simpleimage HTTP/2 push example
> from Tomcat 9 trunk with the SSL Http11AprProtocol connnector and
> <UpgradeProtocol
> className="org.apache.coyote.http2.Http2Protocol"/>.
> 
> Now I would like to enable HTTP/2 but without SSL : my certificates are
> either hosted under my load balancer or Apache itself, and I do not require
> SSL between mod_proxy and Tomcat.
> 
> But org.apache.coyote.AbstractProcessor#isPushSupported then returns false,
> as if the UpgradeProtocol did not fire.
> 
> Is it possible to enable HTTP/2 with no SSL connector ?

Yes. You need to add the <UpgradeProtocol ... /> block to an HTTP
connector. You should see in the start-up log that h2c is enabled via
HTTP Upgrade.

Mark


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org