{"id":7012,"date":"2019-01-17T21:24:42","date_gmt":"2019-01-17T20:24:42","guid":{"rendered":"https:\/\/pi3g.com\/?p=7012"},"modified":"2019-01-17T21:27:45","modified_gmt":"2019-01-17T20:27:45","slug":"envoy-as-http-2-front-proxy-enabling-http-2-for-envoy-aka-h2","status":"publish","type":"post","link":"https:\/\/pi3g.com\/de\/envoy-as-http-2-front-proxy-enabling-http-2-for-envoy-aka-h2\/","title":{"rendered":"envoy als http 2 Frontproxy - Aktivierung von http 2 f\u00fcr envoy (auch bekannt als h2)"},"content":{"rendered":"

Out of the box envoy is not configured to set up connections with clients connecting to it with the new HTTP\/2.<\/p>\n

HTTP\/2 is optimized for the modern web, with binary headers, etc. \u2013 higher speed. <\/p>\n

Since envoy is capable of speaking HTTP\/2 to clients, it is a no-brainer to set it up.<\/p>\n

And the setup is really easy<\/strong>, too. You just add one<\/strong> line in the common_tls_context of your listener:<\/p>\n

\n
alpn_protocols: [ \"h2,http\/1.1\" ]<\/pre>\n<\/blockquote>\n
That\u2019s it. (The quotes should be normal quotes, in case WordPress messes these up)<\/p>\n
ALPN stands for Application-Layer Protocol Negotiation<\/a>  – it is apparently needed for HTTP\/2 to work. <\/p>\n
By default, the http_connection_manager envoy filter will support both HTTP1 and HTTP2 in the mode AUTO. <\/p>\n
By adding the alpn_protocols you allow this functionality to actually be used.<\/p>\n
My envoy.yaml for your reference<\/h2>\n
I\u2019m going to reproduce my entire envoy.yaml <\/strong>so you see the context the line has to be put in:<\/p>\n
static_resources:
   listeners:
   – address:
       socket_address:
         address: 0.0.0.0
         port_value: 80
     filter_chains:
     – filters:
       – name: envoy.http_connection_manager
         config:
           codec_type: auto
           stat_prefix: ingress_http
           route_config:
             virtual_hosts:
             – name: backend
               domains: [“*”]
               routes:
               – match: { prefix: “\/” }
                 redirect:
                   path_redirect: “\/”
                   https_redirect: true
           http_filters:
           – name: envoy.router
             config: {}
   – address:
       socket_address:
         address: 0.0.0.0
         port_value: 443
     filter_chains:
     – tls_context:
         common_tls_context:
           tls_certificates:
           – certificate_chain: { filename: “\/etc\/example-com.crt” }
             private_key: { filename: “\/etc\/example-com.key” }
           alpn_protocols: [ “h2,http\/1.1” ]
       filters:
       – name: envoy.http_connection_manager
         config:
           stat_prefix: ingress_https
           route_config:
             virtual_hosts:
             – name: backend
               domains: [“*”]
               routes:
               – match: { prefix: “\/” }
                 route: { cluster: target_taxgod }
           http_filters:
           – name: envoy.router
             config: {}
   clusters:
   – name: target_taxgod
     connect_timeout: 0.25s
     type: strict_dns
     lb_policy: round_robin
     hosts:
     – socket_address:
         address: taxgod
         port_value: 3000
\nadmin:
   access_log_path: “\/tmp\/envoy.log”
   address:
     socket_address:
       address: 0.0.0.0
       port_value: 9901<\/p>\n
<\/p>\n
This envoy.yaml listens on port 80 and port 443. HTTP requests to port 80 are redirected to port 443. All traffic is sent to a docker container \u201ctaxgod\u201d on the same docker network. Refer to this article by me for details.<\/p>\n
<\/p>\n
Please don\u2019t expect copy pasting this whole thing to work \u2013 WordPress unfortunately is too clever for it\u2019s own good sometimes, and messes up all kinds of characters and code formatting.<\/p>\n
References:<\/h2>\n